Django URL Error in Azure web app - django

I have Django app deployed in Azure Web App.The app is working correctly in development using:
manage.py runserver
The problem comes when the app is deployed and I have to confirm my registration from email, the URL is something like that:
http://testApp.azurewebsites.net/activate/InRoY4Jua1BhYnYuYmci:1b4pyC:R2Gak--Jwgl0z5gqb0mF6a9OPfU/
I got this error:
The request could not be understood by the server due to malformed syntax.
So after removing ":" from the URL the request works(it gives error for invalid activation link)
How could I allow my azure app to use ":" in my urls?
Solution thanks to benjguin!
Ended up using:
<system.web>
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="<,>,*,%,&,\,?" />
<compilation debug="true" targetFramework="4.0" />
</system.web>
This way I only ignore colon(":") from the invalid characters.

WARNING: the default configuration filters potentially dangerous URLs. The following will disable this protection. Do that knowingly.
You could replace this portion of the web.Config
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
by this one
<system.web>
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
<compilation debug="true" targetFramework="4.0" />
</system.web>
Explanations are available here: https://msdn.microsoft.com/en-us/library/e1f13641(v=vs.100).aspx
You can edit the web.Config file from testApp.scm.azurewebsites.net (same credentials as for portal.azure.com), Debug Console, CMD, then cd site\wwwroot. Scroll down to web.Config, you'll find a logo with a pen on the left that will open a text editor in the browser.

Related

Hosting Django web application on IIS error

My organization has implemented a web application in Django, and we need to host it on a Windows system. We are using Django 3.2.8 and Python 3.8.8.
The Django project is currently stored here:
C:\inetpub\wwwroot\CED_HRAP
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers>
<add name="Python FastCGI" path="\*" verb="*" modules="FastCGIModule" scriptProcessor="c:\python38\python.exe|c:\python38\lib\site-packages\wfastcgi.py" resourceType="Unspecified" requireAccess="Script" />
</handlers>
<defaultDocument>
<files>
<clear />
<add value="Default.htm" />
<add value="Default.asp" />
<add value="index.htm" />
<add value="index.html" />
<add value="iisstart.htm" />
<add value="base.html" />
</files>
</defaultDocument>
<directoryBrowse enabled="false" />
</system.webServer>
<appSettings>
<add key="PYTHONPATH" value="C:\inetpub\wwwroot\CED_HRAP" />
<add key="WSGI_HANDLER" value="CED_HRAP.wsgi.application" />
<add key="DJANGO_SETTINGS_MODULE" value="CED_HRAP.settings" />
</appSettings>
</configuration>
Our settings.py file is located at
C:\inetpub\wwwroot\CED_HRAP\CED_HRAP\settings.py
We are currently seeing this error message:
HTTP Error 403.14 - Forbidden The Web server is configured to not list
the contents of this directory.
Most likely causes:
A default document is not configured for the requested URL, and
directory browsing is not enabled on the server.
How should we configure the default documents in the web.config file so that it links to Django's internal routing (urls.py)?
We followed the instructions here:
https://github.com/Johnnyboycurtis/webproject
(youtube: https://www.youtube.com/watch?v=APCQ15YqqQ0)
You can see that the web.config file in the above repository does not have any default documents specified. We added them to web.config in an effort to resolve the current error.
Have also looked at several other tutorials and documents on this process, but have not been able to resolve the problem.
Thanks!
This problem occurs because the website doesn't have the Directory Browsing feature enabled. Also, the default document isn't configured. To resolve this problem, use one of the following methods:
Method 1: Enable the Directory Browsing feature in IIS
To resolve this problem, follow these steps:
Start IIS Manager. To do it, select Start, select Run, type inetmgr.exe, and then select OK.
In IIS Manager, expand server name, expand Web sites, and then select the website that you want to change.
In the Features view, double-click Directory Browsing.
In the Actions pane, select Enable.
Method 2: Add a default document
To resolve this problem, follow these steps:
Start IIS Manager. To do it, select Start, select Run, type inetmgr.exe, and then select OK.
In IIS Manager, expand server name, expand Web sites, and then select the website that you want to change.
In the Features view, double-click Default Document.
In the Actions pane, select Enable.
In the File Name box, type the name of the default document, and then select OK.

2 IIS Flask sites on Windows Server - Only 1 runs

Windows Server DataCenter 2019
Python 3.7.6
I have 2 sites configured on IIS.
mysite1 port 9090: Runs using VSCode and entering URL in browser
Runs from VSCode
Enter URL in Browser: ###.###.###.###:9090
mysite2 port 9566: Only runs from VSCode
Runs from VScode.
ERROR 500. Enter URL in Browser: ###.###.###.###:9566
Also from IIS Manager menu option: Browse *:9566
HTTP Error 500.0 - Internal Server Error
C:\inetpub\wwwroot\Flask\mysite2\venv\Scripts\python.exe - The FastCGI process exited unexpectedly
Detailed Error Information:
Module
FastCgiModule
Notification
ExecuteRequestHandler
Handler
Python FastCGI
Error Code
0x00000067
Requested URL
http://localhost:9566/
Physical Path
C:\inetpub\wwwroot\Flask\mysite2
Logon Method
Anonymous
Logon User
Anonymous
The 2 sites are configured with different AppPools
2 web.config files
<configuration>
<system.webServer>
<handlers>
<remove name="FlaskHandler" />
<add name="Python FastCGI" path="*" verb="*" modules="FastCgiModule" scriptProcessor="C:\inetpub\wwwroot\Flask\mysite1\venv\Scripts\python.exe|C:\inetpub\wwwroot\Flask\mysite1\venv\lib\site-packages\wfastcgi.py" resourceType="Unspecified" requireAccess="Script" />
</handlers>
</system.webServer>
<appSettings>
<add key="WSGI_HANDLER" value="app.app" /> <!-- {name_of_file}.{name_of_flask_app}-->
<add key="PYTHONPATH" value="C:\inetpub\wwwroot\Flask\mysite1" />
<add key="WSGI_LOG" value="C:\inetpub\wwwroot\Flask\mysite1\app.log" />
</appSettings>
</configuration>
<configuration>
<system.webServer>
<handlers>
<remove name="FlaskHandler" />
<add name="Python FastCGI" path="*" verb="*" modules="FastCgiModule" scriptProcessor="C:\inetpub\wwwroot\Flask\mysite2\venv\Scripts\python.exe|C:\inetpub\wwwroot\Flask\mysite2\venv\lib\site-packages\wfastcgi.py" resourceType="Unspecified" requireAccess="Script" />
</handlers>
</system.webServer>
<appSettings>
<add key="WSGI_HANDLER" value="app.app" /> <!-- {name_of_file}.{name_of_flask_app}-->
<add key="PYTHONPATH" value="C:\inetpub\wwwroot\Flask\mysite2" />
<add key="WSGI_LOG" value="C:\inetpub\wwwroot\Flask\mysite1\app.log" />
</appSettings>
</configuration>
The same steps were used to create mysite1 and mysite2.
In IIS manager, I stopped mysite1 but mysite2 does not run using entering URL in a browser.
Help is appreciated 1
More Debugging
I turned on Failed Request Tracing
https://learn.microsoft.com/en-us/iis/troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis
These are the Error and Warning traced log messags
94. FASTCGI_UNEXPECTED_EXIT
Error
95. SET_RESPONSE_ERROR_DESCRIPTION 22:01:34.515
Warning
ErrorDescription="C:\inetpub\wwwroot\Flask\mysite2\venv\Scripts\python.exe - The FastCGI process exited unexpectedly" 22:01:34.515
96. MODULE_SET_RESPONSE_ERROR_STATUS
Warning
ModuleName="FastCgiModule", Notification="EXECUTE_REQUEST_HANDLER", HttpStatus="500", HttpReason="Internal Server Error", HttpSubStatus="0", ErrorCode="The semaphore cannot be set again.
(0x67)", ConfigExceptionInfo=""
Debug Post: Python flask app on IIS not working on Windows Server 2019
I do not understand what running wfastcgi.py does but both mysite1 and mysite2 behave the same way.
The "working" site, runs and does not end
C:\inetpub\wwwroot\Flask\RESTAPI_mysite1\venv\Scripts\python.exe C:\inetpub\wwwroot\Flask\mysite1\venv\lib\site-packages\wfastcgi.py
The "non-working" site, runs and does not end
C:\inetpub\wwwroot\Flask\RESTAPI_mysite2\venv\Scripts\python.exe C:\inetpub\wwwroot\Flask\mysite2\venv\lib\site-packages\wfastcgi.py
Debug Post: Getting 500 Internal Server Error when setting up Python and Flask with FastCgiModule on Windows
The suggestions did not work for mysite2.
Help is appreciated 2
It is strange about the application pool. Maybe some special settings of site1 app pool are unknow. Even you create a new pool manually, those settings arenot configured in new pool.
Try to use appcmd to copy the site1 pool to new pool.(Stop site1 pool firstly)
Run command line as administrator.
CD C:\Windows\System32\inetsrv
appcmd.exe list apppool "site1 pool name" /config /xml > D:\AppPoolConfig.xml
appcmd.exe add apppool /name:new pool name /in < D:\AppPoolConfig.xml
Then start the new pool in IIS Manager. Make site2 work on it.

Deploying Django application with SQL Database to Azure

I've built a simple Django application on my local Windows machine that connects to a SQL Server hosted on Azure by leveraging the Django-Pyodbc-Azure back end. I'm able to connect to the database fine on my local machine and my app runs without issue.
However, I'm not in the process of deploying the application to Azure's app service and I'm running into problems. The deployment itself runs without issue, however the following error message shows up in my logs:
Traceback (most recent call last): File "/home/site/wwwroot/antenv3.6/lib/python3.6/site-packages/sql_server/pyodbc/base.py", line 15, in <module>
import pyodbc as Database
ImportError: libodbc.so.2: cannot open shared object file: No such file or directory
File "/home/site/wwwroot/antenv3.6/lib/python3.6/site-packages/sql_server/pyodbc/base.py", line 17, in <module>
raise ImproperlyConfigured("Error loading pyodbc module: %s" % e)
django.core.exceptions.ImproperlyConfigured: Error loading pyodbc module: libodbc.so.2: cannot open shared object file: No such file or directory
My requirements.txt file looks as such:
Django==2.1.4
django-pyodbc-azure==2.1.0.0
pyodbc==4.0.25
pytz==2018.7
And again... this runs fine locally on my Windows machine. But I get this error when I deploy to Azure.
I suspect this has something to do with the Pyodbc backend not being installed correctly on Azure's LINUX based app service? Does anybody have experience resolving this?
I was running into this same issue with the pyodbc package when using the Linux version. I was using the Windows based web-app but had to rebuild from scratch and accidentally selected the Linux version.
Once switching back to the Windows version I used python 3.6 and followed these steps, (based on this blog for deploying a flask app, https://blogs.msdn.microsoft.com/pythonengineering/2016/08/04/upgrading-python-on-azure-app-service/):
Deploy a Django web-app to Azure
In the portal click on "Web App">"New"
Give the web app a name: <webappname>
Set the resource group to be the same as the database
Select the OS to be Windows
Click, deploy - This will take few minutes to deploy
Once deployed you can click on the URL https://<webappname>.azurewebsites.net to see a default azure web page
In your Django project go to settings.py and in the "ALLOWED_HOSTS" add ".azurewebsites.net".
In the Azure portal>webapp, go to Extensions and install python3.6 x64
In Portal > webapp > Application settings, select "Always on".
In settings.py set:
DEBUG = os.getenv('DJANGO_DEBUG') != 'FALSE'
also set other private variables as environment variables (these should then be added as key-value pairs (e.g. DJANGO_DEBUG = FALSE) in Portal>webapp>Application settings>Application settings.
Also, to connect to the SQL database set the database settings to be:
OPTIONS[driver] = 'SQL Server Native Client 11.0'
OPTIONS[MARS_Connection] = 'True'
Make sure you have the following files in the base directory of your django project:
ptvs_virtual_proxy.py
.SkipPythonDeployment
web.config make sure you have key="DJANGO_SETTINGS_MODULE" value "<django-project-name>.settings" (see below)
In your local project, Run pip freeze and put the contents into requirements.txt (see below)
Check that all migration files have been added to git by running git status
Commit and push the changes to your git repo
In the portal, in your new web-app go to "Deployment options"
"Choose Source" -> Follow the steps and click "Finish/Ok" to see the deployment progress and view the logs
Once deployment says "Success", Go to Kudu (http://<webappname>.scm.azurewebsites.net)>Powershell, and run D:\home\python364x64\python.exe -m pip install --upgrade -r D:\home\site\wwwroot\requirements.txt, This should hopefully be successful and only needs to be rerun when you update a package.
Then go back to "Deployment Center" and click on the logs button, and click redeploy, you may also need to restart the web-app to update the environment variables (go to webapp>overview>restart).
For static files, either commit all the admin files after running locally python manage.py collectstatic or you can setup static files like this, then run D:\home\python364x64\python.exe D:\home\site\wwwroot\manage.py collectstatic in Kudu)
web.config file:
<configuration>
<appSettings>
<add key="WSGI_HANDLER" value="<django-project-name>.wsgi.application"/>
<add key="PYTHONPATH" value="D:\home\site\wwwroot"/>
<add key="WSGI_LOG" value="D:\home\LogFiles\wfastcgi.log"/>
<add key="PYTHONPATH" value="D:\home\site\wwwroot" />
<add key="DJANGO_SETTINGS_MODULE" value="<django-project-name>.settings" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<customErrors mode="Off" />
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<httpErrors errorMode="Detailed"></httpErrors>
<handlers>
<add name="PythonHandler" path="handler.fcgi" verb="*" modules="FastCgiModule" scriptProcessor="D:\home\python364x64\python.exe|D:\home\python364x64\wfastcgi.py" resourceType="Unspecified" requireAccess="Script"/>
</handlers>
<rewrite>
<rules>
<rule name="Static Files" stopProcessing="true">
<conditions>
<add input="true" pattern="false" />
</conditions>
</rule>
<rule name="Configure Python" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{REQUEST_URI}" pattern="^/static/.*" ignoreCase="true" negate="true" />
</conditions>
<action type="Rewrite" url="handler.fcgi/{R:1}" appendQueryString="true" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
requirements.txt file:
cycler==0.10.0
Django==1.11.15
django-pyodbc-azure==1.11.15.0
djangorestframework==3.6.3
djangorestframework-jsonp==1.0.2
pyodbc==4.0.25
please go to the scm site of your web app, then try to manually install the modules which throw the error.
For detailed steps, please refer to this article.

There was and error downloading 'https://$metadata'. The request failed with http status 403: Forbidden - XAMARIN WEB REFERENCE WITH HTTPS

I managed to create a web service with self signed SSL through IIS. It's settings at first are set to Client Certificate to none and none required SSL. It is accessible by that time threw web browser and mobile web reference.
Web Browser
Xamarin Web Reference
But when I set the SSL settings to required, it is now forbidden in both. What am I missing in settings for SSL Configuration?
SSL Settings Thru IIS
Web Browser Forbidden Access
Xamarin Web Reference Forbidden Access
WebConfig
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<connectionStrings>
<add name="constring" providerName="System.Data.SqlClient" connectionString="Data Source = source;Initial Catalog = dbname; User ID = user; Password = pw" />
</connectionStrings>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation targetFramework="4.5" />
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding maxReceivedMessageSize="10485760" name="SecureHttpBinding">
<readerQuotas maxStringContentLength="10485760"></readerQuotas>
<security mode="Transport">
<transport clientCredentialType="None"></transport>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
</configuration>
To access web service via HTTPS in web browser, I followed this link for creating temporary client certificate but I changed the step #5 to this command
makecert -sk MyKeyName -iv RootCaClientTest.pvk -n "CN=tempClientcert" -ic RootCaClientTest.cer -sr localmachine -ss my -sky exchange -pe
I changed the currentuser to localmachine and signature to exchange so that it will be in personal certificate store. When you access the site again, it will ask for client certificate and you can choose it to proceed.
For the main problem to access the service in visual studio xamarin via web reference (which is forbidden somehow).
I found this link to solve the forbidden problem. You can see the second post of (c)MarkoOkram for the solution.
"I am solved problem by saving web browser .wsdl and .xsd files on file system, change reference in those files to matching files. Than i succesfully add reference in visual studio to that file system .wsdl file." -(c) MarkoOkram
I downloaded the file WSDL and XSDs written in WSDL then retarget the filepath to their respective directories and it's done.
update: I also tried to import singleWSDL and it works without editing for xsd's

Classic ASP - web.config deny rule not detecting cookie

I have taken on an Internet facing Classic ASP application (hosted on Windows-Server-2012 / IIS8) that is using Anonymous Access and I want to move to Forms Authentication. Although it is not straight forward, as it currently stands (with the Anon.Access set) the unauthenticated user (i.e. a user that has not yet logged on) can view a .pdf, .doc, etc file if they enter the exact URL path to the file (i.e. security thru obscurity).
The Problem
I am expecting when I am not logged on, I should not be able to see the .pdf's when entering the absolute URL (this is OK)
however I am also expecting when I do logon I should be able to see the .pdf's when entering the absolute URL (this does not happen - what does happen is when I enter the absolute URL of a pdf, I am re-directed back to the home page - I am still logged on but the cookie must not be detected within the authorization - i.e. the "deny" rule above responds with a rejection and sends me back to the home page - note the cookie exists and has not expired)
My Setup and What I have Tried
The Cookie is set via the following code
Response.Cookies("MyAuthCookie") = myGuid
Response.Cookies("MyAuthCookie").Expires = DateAdd("h", 6, Now())
Response.Cookies("MyAuthCookie").Path = "/"
I have tried to tie down access to the .pdf, .doc files via web.config authorization allow/deny rules as follows
<location path="myProtectedFolder">
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<machineKey decryptionKey="XXXXXXXX99999999XXXXXXXX" validationKey="XXXXXXXX99999999XXXXXXXX" />
<authentication mode="Forms">
<forms name="MyAuthCookie" loginUrl="/index.asp" path="/" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
Modules have been configured as follows
<modules>
<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
</modules>
...and handlers as follows (to be processed by ISAPI)
<handlers>
<add name="pdfs64" path="*.pdf" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_isapi.dll" resourceType="File" requireAccess="Read" preCondition="classicMode,runtimeVersionv4.0,bitness64" />
<add name="pdfs" path="*.pdf" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="File" requireAccess="Read" preCondition="classicMode,runtimeVersionv4.0,bitness32" />
</handlers>
Other areas of note
I have the website set to Anon.Access and Forms Auth (I tried Forms Auth on its own).
I have given the website folder/sub-folders read/execute to both the AppPool identity user and "Authenticated Users"
I have marked the AppPool as .Net 2 (also tried .Net 4) with Integrated Pipeline (also tried Classic)
Any help would be greatly appreciated
I finished up creating a true FormsAuthentication cookie from the cookie within a HttpModule (config for the module is the modules section). This then accommodated the allow/deny rules.